A comprehensive 3-dimensional security analysis of a controller in software-defined networking

Software-defined networking (SDN) has recently emerged as a novel networking paradigm that enables network administrators to manage network services through high-level abstraction of networking functions. This is achieved by mainly decoupling the control plane from the data plane. The control plane, namely the SDN controller, makes dynamic decisions on where traffic is sent in the underlying systems that forward data to the selected destinations. The SDN controller, seen as a networking operating system, acts, therefore, as the brain in SDN. Consequently, its importance makes it a privileged new target for future attackers. In order to have a comprehensive security assessment of the SDN controller, we conducted a 3-dimensional analysis to study the security of OpenFlow-based SDN controllers. This study includes: (1) the essential components of a controller, (2) the characteristics provided by a controller, and (3) the STRIDE model. At the end, we also summarized 9 principles that are necessary to secure an SDN controller from the reported attacks and analyzed the security of 5 active open-source controllers following those principles.